How One Company Secured 70,000 Office 365 Users with CASB

When Adventist Health System made the strategic decision to migrate its 70,000 users to Exchange Online, Microsoft’s cloud-based email platform, they received OneDrive bundled for no additional cost. This initiated a larger conversation within the organization about the use of cloud-based file sharing and collaboration, including which services were already in use and how to enforce their security and compliance policies as sensitive data moved to the cloud.

As a healthcare network with 45 hospitals, Adventist Health System is committed to protecting the privacy of its patients’ health information. At the same time, it is embracing cloud services to deliver greater efficiency and better patient outcomes. They decided to deploy Skyhigh Cloud Access Security Broker (CASB) to gain visibility into file sharing services in use across the organization and coach users in real time to the new corporate standard, Microsoft OneDrive. They also used Skyhigh to implement a wide range of security and compliance policies across data in Office 365 and protect against threats originating in the cloud.

Microsoft Office 365 is very secure, which may explain how it has emerged as the dominant cloud-based enterprise software suite (according to our latest cloud trend data, Office 365 now leads the enterprise cloud service rankings by user count). But like many cloud providers, Microsoft takes responsibility for platform security while leaving the customer to ensure its users are taking precautions to prevent security or compliance incidents. That’s why Skyhigh and Microsoft have partnered to help Office 365 customers gain deep visibility into their Office 365 usage, protect against threats, and enforce compliance and security policies.

Using Skyhigh along with Microsoft Graph, companies can leverage the massive productivity gains enabled by Office 365 while meeting their various compliance, threat protection and data security requirements.

– Rob Lefferts, General Manager, Extensibility

Securing Office 365 with Skyhigh

Download the 20-page guide to get real-world customer use cases, product screenshots, and deployment architectures.

Business drivers for securing Office 365 using a CASB

Enterprises have a high degree of confidence in the security of the Office 365 platform. A strong indication of this is the amount of sensitive data organizations store in OneDrive and SharePoint Online. Skyhigh recently analyzed Office 365 usage data across 21 million users. We found that 17.4% of documents stored in OneDrive and SharePoint Online contain sensitive data. Broken down by data type, 4.2% of files contain sensitive personal information, 2.2% contain protected health information, 1.8% contain bank accounts and card numbers, and 9.2% contain confidential data. While Microsoft has invested heavily in security, all organizations have sensitive or regulated data they cannot store in certain ways or share outside the company.

Another challenge facing organizations today is the unchecked growth of unregulated cloud usage by individuals, teams, and lines of business. The average organization uses 174 different collaboration services and 61 file sharing services. When an organization decides to standardize on an enterprise-ready platform such as Office 365, they often want to migrate users away from unsanctioned cloud services onto the enterprise standard. Not only does standardizing on a secure platform improve the security of corporate data – because many cloud services that employees find on their own may lack essential security controls – consolidation also improves collaboration and reduces cost. Going with a single provider enables volume license discounts and eliminates the need to use multiple services to collaborate.

How Skyhigh helps

Skyhigh offers a single cross-cloud platform for Office 365 security along with over 17,000 cloud services. Using Skyhigh for Office 365, enterprises gain the ability to:

Understand where users store sensitive data, with whom that data is shared, and who is accessing it

Analyze usage to uncover insider threats and compromised accounts and view an audit trail of activity to support a forensic investigation

Enforce data loss prevention policies to prevent inappropriate usage or sharing of sensitive data that could result in compliance violations

Control access based on context, such as geography, data sensitivity, device type, managed/unmanaged device status, and user department

Skyhigh detects insider threats and compromised accounts and can take remediation action

Adventist Health System’s Office 365 journey

As a first step, Adventist Health System used Skyhigh to discover all cloud services in use. What they found surprised them. “Personally it’s been an eye opener. There are definitely more than I expected,” says Dunkerley, who was expecting to see about a dozen file sharing providers in use, but instead found over 90. “I’ve spent a lot of time in IT and there are a lot of services being used that I am not familiar with. It is amazing to see how much data is being uploaded.” Next, they used Skyhigh to display real-time messages when users accessed cloud services outside of policy that coached them to use Office 365.

Protecting patient information is critical for Adventist Health System, not only to avoid serious penalties for violating HIPAA and HITECH regulations, but also maintain trust from its customers. Using Skyhigh, they were able to detect patient data at rest in the cloud and in transit to and from the cloud. While storing sensitive data in secure cloud services is not, in isolation, a problem, an incident could result from unintended disclosure of that data. Skyhigh enforces data loss prevention (DLP) policies to prevent policy violations, including the sharing of data in OneDrive to external accounts and the creation of untraceable sharing links that allow access to anyone with the link.

Recognizing that threats to data can originate with user activity – whether the user is acting carelessly or maliciously – Skyhigh analyzes all user activity in Office 365 with machine learning to detect insider threats. Skyhigh also identifies potentially compromised accounts based on login attempts from two locations within a time frame that would require impossible travel as well as brute force login attempts. With the value of healthcare data worth as much as 10 times more than a credit card, these tools help Adventist Health System protect their patients. When Skyhigh detects a threat, the system can automatically take action to suspend account access in the case of an insider threat, or require additional authentication for compromised accounts.